package com.dgut.lab.security.config;

import com.dgut.lab.security.DgutOAuth2AuthenticationProvider;
import com.dgut.lab.security.SecurityUserDetailsService;
import com.dgut.lab.security.filter.DgutOAuth2LoginAuthenticationFilter;
import com.dgut.lab.security.filter.DgutOAuth2RedirectFilter;
import com.dgut.lab.service.UserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    private UserService userService;



    @Bean
    UserDetailsService CustomerUserDetailsService(){
        return new SecurityUserDetailsService();
    }

    @Bean
    PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Bean
    AuthenticationProvider dgutOAuth2AuthenticationProvider(){
        return  new DgutOAuth2AuthenticationProvider(userService);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(this.CustomerUserDetailsService()).passwordEncoder(passwordEncoder());
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/css/**", "/img/**", "/**/*.png","/js/**");
        // 允许swagger3访问
        web.ignoring().antMatchers( "/swagger-ui.html",
                "/swagger-ui/**",
                "/swagger-resources/**",
                "/v2/api-docs",
                "/v3/api-docs",
                "/webjars/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
//      取消跨站请求伪造保护
        http.csrf().disable().cors();
//      添加中央认证系统拦截重定向过滤器及回调认证过滤器
        http.addFilterBefore(new DgutOAuth2RedirectFilter(), UsernamePasswordAuthenticationFilter.class)
                .addFilterBefore(new DgutOAuth2LoginAuthenticationFilter(dgutOAuth2AuthenticationProvider()),
                        UsernamePasswordAuthenticationFilter.class);
        http
                .authorizeRequests()
                    .antMatchers("/").permitAll()
                .and()
//                登录配置
                .formLogin()
                    .loginPage("/login").permitAll()
                    .defaultSuccessUrl("/pageController")
                .and()
                //退出登陆相关的逻辑
                .logout()
                    //自定义退出的url---默认的为/logout
    //                .logoutUrl("/signOut")
                    //自定义退出成功后跳转的url与logoutSuccessHandler互斥
                    .logoutSuccessUrl("/login")
                    //指定退出成功后删除的cookie
                    .deleteCookies("JSESSIONID")
                .and()
//                  其他请求需要登录后才能访问
                .authorizeRequests()
                    .anyRequest().authenticated();
    }
}
